We have our Voice and Data VLANs segregated by an ASA firewall. The CallManager sits within the Voice VLAN. The IPT Solution reference network Design Document says:
"By placing a firewall between the Cisco CallManager cluster and both the voice and data networks, you greatly reduce the exposure of the most critical component in the Cisco AVVID network, the call processing agent. The firewall acts as a guardian between all IP devices and the Cisco CallManagers, ensuring that only specific transactions are allowed."
I'm trying to find a document or configuration example so that I can configure the ASA to implement this security design.
Can anyone provide a reference?
I guess what the document describes is the ASA's layer 7 inspection engines (in the case of CallManager: SIP, SCCP and H323).
There are also some unified communication features:
Hope this helps.
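An added illustration, not part of the replies above and not taken from Cisco's design document: a minimal ASA configuration sketch that permits only call signaling and TFTP from a data-side interface to the CallManager and enables the SCCP, SIP and H.323 inspection engines. The interface name `data`, the object-group and ACL names, and all addresses are constructed assumptions; the ports are the protocol defaults.

```cisco
! Constructed example: replace names and addresses with your own.
! Assumed: CallManager nodes at 10.10.10.11-12, data VLAN 10.20.0.0/16,
! ASA interface facing the data VLAN is named "data".
object-group network CUCM_SERVERS
 network-object host 10.10.10.11
 network-object host 10.10.10.12
!
! Allow only the transactions endpoints need toward the CallManager.
access-list DATA_IN extended permit tcp 10.20.0.0 255.255.0.0 object-group CUCM_SERVERS eq 2000
access-list DATA_IN extended permit tcp 10.20.0.0 255.255.0.0 object-group CUCM_SERVERS eq 5060
access-list DATA_IN extended permit udp 10.20.0.0 255.255.0.0 object-group CUCM_SERVERS eq 5060
access-list DATA_IN extended permit udp 10.20.0.0 255.255.0.0 object-group CUCM_SERVERS eq 69
! Log anything else aimed at the CallManager so policy gaps are visible.
access-list DATA_IN extended deny ip any object-group CUCM_SERVERS log
! Remaining data VLAN policy goes here; an implicit deny ends the ACL.
access-group DATA_IN in interface data
!
! Layer 7 inspection: the ASA validates the signaling and opens the
! negotiated RTP media ports dynamically, so no wide UDP range is
! needed in the ACL.
policy-map global_policy
 class inspection_default
  inspect skinny
  inspect sip
  inspect h323 h225
  inspect h323 ras
  inspect tftp
!
service-policy global_policy global
```

`show service-policy inspect skinny` and `show access-list DATA_IN` report inspection counters and ACL hit counts, which confirms whether phones register through the intended rules.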